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Varias historias 
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(U) The benefits 






Plug-ins extract and index jr 
tables 


XKS goal is to store the full-take 
content for 3-5 days, effectively 
"slowing down the Internet" so that 
analysts can go back and recover 


• Show me all PGP usage in Iran 



• No strong-selector 


' Can perform this kind of retrospective 
query, then simply pull content of Interest 
from site as required 


• Meta-data is saved off longer, with the 
goal of 30 days retention 












































































































TOP SECRET//COMINT//REL TO USA, AOS, CAN, GBR, NZL 


EL TO FVEV 


Driver 1: Worldwide SIGINT/Defense Cryptologic 

Platform 
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NSA Strategic Partnerships 


Alliances with over 80 Major Global Corporations 
Supporting both Missions 

AT&T °*est 

• Telecommunications & 

Network Service Providers ^ H-P ' Motorola 

• Network Infrastructure 

• Hardware Platforms 
Desktops/Servers 

• Operating Systems 

• Applications Software 

• Security Hardware & Software 

• System Integrators 
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FAA702 Operations 

Two Types of Collection 


(TS//SI//NF) 


You 
Should 
Use Both 
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Hotmail 


Coogle 
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Upstream 


Collection of communications on fiber cables 
and infrastructure as data flows past. 

(FAIRVIEW, STORMS REW, BLARNEY, OAKSTAR) 


PRISM 


Collection directly from the servers of these U S. 
Service Providers: Microsoft, Yahoo, Google 
Faeebook, PalTalk, AOL, Skype, YouTube 
Apple. 
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PRISM Collection Details 
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Current Providers 


* Microsoft (I lot mail, etc.) 

* Google 

* Yahoo! 

* Facebook 

* PalTalk 

* YouTube 

* Skype 

* AOL 
■ Apple 



What Will You Receive in Collection 
(Surveillance and Stored Comma)? 
It varies by provider. In general: 



E-mail 

Chat - video, voice 

Videos 

Photos 

Stored data 

VoIP 

File transfers 
Video Conferencing 

Noli Ileal ions of target activity - logins, ete. 
Online Social Networking details 

Special Requests 


Complete list and details on PRISM web page: 
Go PRISM FA A 
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Espionaje en Embajadas 
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Espionaje a satelites 











Ataques Informaticos 


(TS//SI//REL) JETPLOW is a firmware persistence implant for Cisco PIX Series and 
ASA (Adaptive Security Appliance) firewalls. It persists DNT's BANANAGLEE 
software implant, JETPLOW also has a persistent back-door capability. 



System Details 

> (U//FOUO) Standalone tool currently 
running on an x86 laptop loaded with 
Linux Fedora Core 3. 

> (TS//SI//REL) Exploitable Targets 
include Win2k, WinXP, WinXPSPl, 

WINXPSP2 running internet Explorer 
versions 5.0-6.0. 

> (TS//SI//REL) NS packet injection can 
target one client or multiple targets on a 
wireless network. 

> (TS//SI//REL) Attack is undetectable by 
the user. 

NIGHTSTAND Hardware 

(TS//SI//REL) Use of external amplifiers and antennas in both 
experimental and operational scenarios have resulted in successful 




(TS//SIJ/REL) JETPLOW Persistence Implant Concept of Operations 


NIGHTSTAND attacks from as far away as eight miles under ideal 
environmental conditions. 


(TS//SI//NF) Left: Intercepted packages are opened carefully; Right: A “load station" 

implants a beacon 
















































Los Documentos de Snowden 


"Yo, sentado en mi 
escritorio, tenia la facultad 
de intervenir al que fuera, 
desde un contador hasta 
un juez federal e incluso 
el presidente, siempre y 
cuando tuviera su correo 
electronico personal" 



Ej: Buscar correos electronicos 


That would look something like this... 
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(TS//SI Nl : ) PRISM Collection Dataflow 





























Espionaje Politico 


TCP SECRET//COMH1T//RJEL TC USA, G6« r Ai}$ r CAN, NIL 

(U//FOUO) S2C42 surge effort 

(U) Goal 

(TS//SI//REL) An increased understanding of the 
communication methods and associated selectors of 
Brazilian President Dilma Rousseff and her key advisers. 



TOP SECRET//COM ENT//RIL TO USA, GtR, At>5, CAN, NIL 


TO P SECRET//COM SMT//R EL TO USA, OS« r AUS r CAN, NIL 


3UO) S2C41 surge effort 


Mexico Leadership Team (S2C41) conducted a two- 
pment surge effort against one of Mexico's leading 
ates, Enrique Pena Nieto, and nine of his close 
considered by most political pundits to be the likely 
Mexican presidential elections which are to be held 
leveraged graph analysis in the development 
opment effort. 



TOP SECRET//COM ENT//K EL TO USA, G6R, AlfS, CAN, NIL 













Espionaje a sysadmins 
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Employees: 


Employees: 




Christian Steffen 


l@stellar-pcs.com or ,de - CEO of Stellar DBS 
l@stellar-pcs.com - Engineer 
SteNa^DB^NO^iQC@stellar-dbs com - NOC 
^^^^^^^^^@stellar- pcs. com 
Christoph Sommer l^B^^^steiiif-pos.com 
All Fares^^M @stellar-pcs.com 


Richard Grave 


mona 


Oliver Skaletz 


stellar-pcs com 
stellar-pcs.com 

stellar-pcs.com 

steiiar-pcs.coin 

stellar-Dcs.com 


@ iaba.de 

iabc.de 


ifiliahn Ho 


Fuente: http://www.spiegel.de 























Software Libre y Criptografia 


Active User 

Active User fP Address 
Target User | 

Target User IP Address 
Start Mar 16, 2012 13:35:35 GMT 
Stop Mar 16, 2012 13:39:53 GMT 

Other User IP Addresses 


Time (GMT) From To Messa 
Mar 16, 2012 13:37:511 
Mar 16, 2012 13:37:59] 
message.] 

Mar 16, 2012 13:38:08 
message.] 

Mar 16, 2012 13:38:12 
message.] 

Mar 16, 2012 13:38:24 
message.] 


I [OC: No decrypt available for this OTR encrypted 
[OC: No decrypt available for this OTR encrypted 
[OC: No decrypt available for this OTR encrypted 
[OC: No decrypt available for this OTR encrypted 


Tor Stinks.. 


• m 


TOP SECRET//COM1NT//REL TO USA, AUS 


TOP SECRETWCQMINT//REL TO USA, AUS//203201Q8 

***********■#!►*■*#*+*+* 

THIS INFORMATION IS DERIVED FROM FAA 
COLLECTION UNDER FAA COUNTERTERRORISM CERT 

A fr* fr * ** * **** ** 

THIS INFORMATION IS PROVIDED FOR INTELLIGENCE PURPOSES IN AN EFFORT | 
TO DEVELOP POTENTIAL LEADS. IT CANNOT BE USED IN AFFIDAVITS, COURT 
PROCEEDINGS OR SUBPOENAS, OR FOR OTHER LEGAL OR JUDICIAL PURPOSES] 


Pyahoo.com 


We will never be able to de-anonymize all Tor 
users all the time. 

With manual analysis we can de-anonymize a 
very small fraction of Tor users, however, no 
success de-anonymizing a user in response to a 
TOPI request/on demand. 


SIGAD: US-934XN 
PDDG: AX 
C ASE_N QT ATIO IN: | 

DTG: 31JA0101Z12 

Received from: [MINIMIZED US IP ADDRESS] 

Date: Mon^0Jan20l2 170137^0800 (PST) 

From: 1=0,71 > 

S ubiect^e^Jntitled 

To: yahoo, com 

[OC: No decrypt available for this PGP encrypted message.] 









Contacto 

• rafael@bonifaz.ec - 

38B8 6D44 6338 10DF 3334 204E CDFE 5731 6513 8A9F 

• Blog: https://rafael.bonifaz.ec 

• Microblog: rbonifaz@masotdon.social @rbonifaz 





